Posted
by
timothy
on Sunday May 12, 2002 @03:53PM
from the officialism-and-its-discontents dept.

mpawlo writes: "Newsforge published a piece I wrote on a lemon law for software. That is - what would happen if shrinkwrap limitation of liability clauses would be banned? I think Microsoft and the GNU Project would both suffer."

I love this little quip:"We all know that the open and distributed model for development described in Eric S. Raymond's book "The Cathedral and the Bazaar" is much better and creates more reliable products than any closed non-distributed development model. "

I'm wondering if the author can substantiate this claim with facts.

This is the primary problem with Open Source advocacy, it relies a lot upon blind faith.

"We all know that the open and distributed model for development described in Eric S. Raymond's book "The Cathedral and the Bazaar" is much better and creates more reliable products than any closed non-distributed development model. "

I'm wondering if the author can substantiate this claim with facts.

I think that facts can be referenced by security incidents, patches, and accessibility on complete products. One of the problems with open-source systems: a lot don't go 1.0. If the program works great, but never goes 1.0 release then no one can critique its bugs because it is still in development.

To be fair to closed-source projects, you cannot group Microsoft Windows into the same catagory with something like Unicos. Both are closed-source, but Unicos is particularly designed for a specific platform on specific hardware, where Windows is designed to run on a handful of platforms (NT on MIPS, PPC, etc, and "regular" Windows on x86->P4) and on just about any hardware thrown at it. Windows would be more stable (forget security for a sec) if people would keep it running on hardware designed for Windows with proper drivers sanctioned by Microsoft.

As for open-source there are many pieces of software that just plain suck! We all need to be honest!

No, you have it backwards. A well designed OS would not barf all over itself and dy because of a bad driver. The driver/device might fail, but the OS would chug right along.

Well, that rules out most operating systems then. Most OS's run drivers at the same privilidge level as the kernel, and hence a broken driver can crash your system.

In fact, many hardware architectures only support two privildge levels, so it's impossible to fix this in general (though x86 supports 4, which would allow the OS to protect itself somewhat from a rogue driver).

I am so sick of this elitist bullshit around here. Software crashes!! Get it? OK?? Nothing is completely immune, you know, humans write OSes, there's bound to be a few bugs here and there. When drivers run at Kernel Level, and they fuck up, that's when shit goes haywire.

A poorly written interrupt service routine can crash almost any "well written" OS. Most people love to complain about being poorly written but they give no credence to the architecture the OS is written for. For instance it is not fair to compare Win3.1 to Win2k because the newer CPU architectures trap more problems then my old 386 could.

However I am not claming that Win3.1,95,98, and ME were not pathetic excuses for operating systems.

This is the primary problem with Open Source advocacy, it relies a lot upon blind faith.Methinks blind faith applies to Closed Source. With Open Source you get to use your eyes.

For facts, with Open Source edge and corner cases can be diagnosed and debugged AFTER release. Effectively you tend to get 1 or 2 more 9's more reliable product with minimal cost. There's no magic bullet and not even Open Source will make everything bug-free, but Open Source is probably the only effective way to deal with "scissors, paper, stone" scenarios where the is no a priori solution.

I don't know how that Lemon Law was written, and as a NON-lawyer, I just has this to say...

Think of Free Softwares as Lemons you picked from a Lemon Orchard.

Thank of Commercially Shrinkwrapped Softwares as the one you purchase from supermarket.

Both the Free Softwares (aka Lemons you picked from Lemon Orchard) and Commercially Shrinkwrapped Softwares (aka Lemons you bought from supermarket) _WERE_ owned by somebody BEFORE it got into your hand.

If you ate the Lemons you picked (FREE) from a Lemon Orchard, and you got sick from it, how much right you have on SUING the Lemon Orchard owner ?

On the other hand, if you purchased a lemon from a Supermarket, ate that thing and you got sick, I am sure you have causes to sue the supermarket owner.

Applying the above principle, I don't think those who wrote Free Softwares (other than those who had BAD INTENTIONS) can be successfully sued - for the users of FREE Sofwares didn't pay ANYTHING to the authors.

On the other hand, the producers of Commercial shrikwrapped Softwares might be liable for whatever harm that comes from the softwares - for the authors of the commercial softwares got PAID by the users, either directly, or indirectly.

And let me re-iterate this - I am NOT a lawyer. Do not take what I say as fact, please !

Gimp can do almost everything that Photoshop can. It's GUI is everey bit as intuitive (not that either are particulary so) as PS, and much more modern looking. My god, Adobe cranked those damn toolbars out in the MacOS 6 days and never updated them. Sick.

So just where does Gimp actually fail and PS suceed? Nay-sayers are always picking on Gimp, including many people who work with PS alot. Yet when it comes to specific criticisms, no one says a damn thing. You think the Gimp team wouldn't mind some honest criticisms? You could expect fixes within weeks.

Most people that rant about it, are simply pissed that they've learned to work around Adobe's cruddy flaws for years, and that experience would be useless if they switch to Gimp. Boo fucking Hoo.

And Gimp isn't even a particularly good example for OSS. If I were choosing unfairly, I could find many more favorable examples.

Well, if you're looking for criticisms for gimp, i'll say, as an intermediate user of both gimp and ps, I find gimp infinitely harder to use...unlike you, I think the interface of PS is MUCH better than gimp, and takes much much less getting used to. Just because it hasn't changed much doesn't mean it's bad--if it ain't broke don't fix it. Other than the interface, there are lots of small things I have problems with--the cut/copy/paste features of gimp aren't up there with photoshop. One small example--in PS, if I make a selection and copy, and then do new document, the new document is sized to start with the right dimension...not so in GIMP. It's the polish that I find GIMP lacking.

Gimp can do almost everything that Photoshop can. It's GUI is everey bit as intuitive (not that either are particulary so) as PS, and much more modern looking.

This is one of the biggest problems with OSS: Poor evaluation of software quality.

Geeks don't generally use photoshop, artists (the types who don't frequent/.) do. Yes, there is such a thing as a geek who's an artist (I'm a self-proclaimed one myself), but this is very different then an artist who's heavily involved in the graphic design industry, and likes their simple Mac. But all of this is irrelevant. Where's the market research showing what graphic artists want and need? Where's the usability studies to prove that the Gimp is intuitive at all? You are proving the Parent post's contention of "Blind Faith" just by replying with this extremely subjective yet authoritative stance.

Then again, there are comedians comparing MySQL and Postgresql with Oracle and DB2, clueless people comparing Ext3 or Raiser-fs with Veritas.

Don't get me wrong, there are some good open source software, but not many so far that can even remotly compare with their commercial counterparts.

What you say is correct. You must be committed to see through a massive project. This doesn't happen in open source, except for critical areas like the kernel. The majority of coders write an application e.g. MySQL and takes *ages* to add new features (e.g. subselects) that would require you to gut the code you've written and almost start coding again from scratch.

The MySQL and PostgreSQL people arent stupid, when Borland open-sourced Interbase they were like "Oh my GOD! These megacorporate development teams totally outclass us." Even Postgres can't even now come anywhere near Interbase despite the fact they've got all that code to copy-and-paste from. Heck Postgres only a short time ago fixed their field size limitation.

What we need to do now is work out how succesful open source projects e.g. Samba, Apache get through difficult times, e.g. meticulous bug-hunting OpenBSD-style, massive code rewrites. Then we can stick this message onto the front of Sourceforge.

Your example of the GIMP is a pitiful one for two reasons. The first is that the GIMP is held up by patents in various areas. The second is that GIMP and Photoshop are not the kinds of products that the article is talking about. Say what you will of the GIMP's features and interface, it is no less dependable a program than Photoshop. I've never heard tales of GIMP users losing critical data any more so than Photoshop users.

Perhaps comparing IIS breakins vs. Apache breakins, especially given that there are more Apache servers on the web (and probably run by more amateurs than IIS admins). Or FreeBSD vs. Windows 2000 vulnerabilities. Or, to be fair, sendmail vs. Exchange (although I'm guessing a lot of people are using things like exim these days). Or how about PostgreSQL vs MSSQL?

These are critical pieces of software that are actually vulnerable to massive data loss. GIMP and Photoshop do not qualify in the same way. Throwing out the term "anecdotal evidence", does not change the fact if you look at the list, you'll find that more often than not, open software beats or at least matches the security and reliability record of its closed counterparts.

This is another example of how little the open source folks apparently know about software testing. The public beta testing you're talking about is known elsewhere as "releasing buggy code", or "screwing the user". Sure, it has a beta label on it somewhere, which is supposed to magically absolve the maker of any fault when it blows up 9 times out of 10, but it was still released to the world, and folks are supposed to actually use it. That's how public beta works, folks use it. Not the formal process of software testing that happens at a professional dev company, but just using it and looking for anything obvious.

Would it be ok for Microsoft to release code that they knew was flawed and full of holes, if they, too, called their software beta-grade and never made it to a release version? No, didn't think so. (How long has some open source code been "beta"? Mozilla?) Use testing is important, it does find some bugs that need fixing, and it also finds some of those usability issues that most free software projects ignore when initially writing the apps. But it doesn't find nearly all of the bugs that may exist. Worse, since the user was just tooling around doing whatever when they hit a bug, they may not be able to remember the steps to reproduce the bug - so even if a big, glaring, ohmigod error is found, you may not be able to find it to fix it.

Depeding primarily on public "beta" testing to find your bugs is very similar to finding landmines by herding sheep through the area. Given enough time (and sheep!) you will have found and dealt with pretty much all the mines along the most common paths. And maybe a few sheep strayed off and found some mines outside of the more familiar areas. But there may still be huge unknown problems just waiting for someone to go off the beaten trail just a little. Real software testing involves a formal process and trained professionals who attempt to test every single portion of an application, one step at a time. It's slow, often tediously dull work, and a test cycle may take longer than the original writing process. But it is much better for a tester to spend the time finding the bug so it can get fixed before the app goes out the door, than for a user to find the bug the hard way and lose data or miss deadlines.

No amount of reading code makes up for the lack of serious QA. MS has more testers for some of its products than many open source apps have users. And guess what, those "many eyes" still missed some bugs. Just imagine what the code would be like if they just stuck a greek "b" on the box and let the users find all the bugs themselves.

But there is a difference between selling a finished product and selling a beta of the product. (Although, from what I remember reading, some company(ies) were having their beta testers buy the product...)

If Microsoft was annoucing that for $200 you could buy the latest version of WindowsXP, I think do not think many people would bite. With commercial companies, they want there product to function right out of the box. Over the years, I have not had many chances to install Windows, but when I have it worked great. It's only ever I start playing around and "tweaking" things does the system start going a little haywire. And granted, like you said, not all the bugs can be caught. (Even user created ones.;)

But, with freely available source code, you better know what you are getting into when you download the source. I am not going to discredit the developers because I am sure many of them try their best to have the software work as well as it can. They have there own QA procedures and debug methods which might not qualify them for Six Sigma but it shakes out some bugs. Those downloading the beta stuff know it might still be buggy and are usually sympathic to the developers and will report bugs if they run into them.

Mozilla is are great example of such a product. Using Bugzilla, users can post bugs and errors they find in the course of running the software. I admit this isn't for the weak of heart or the computer illiterate, but then again, how many computer illiterate people are going to want to install Linux and download Mozilla - or any other free software for that matter - for their system. Unless they have an interest in learning about Linux and becoming computer literate, I say very few.

I should have originally stated that public beta testing or "screwing the user" is one of the ways to shake bugs out of the code. I am sure developers do their fair share and they look towards interested users who are willing to help. Especially if you can't afford a QA department, in the free software world, public beta testing isn't such a bad deal. Not ideal mind you, but not too shabby either.

(And I should add, you will have those developers who are like "Listen. This works on my machine. If it doesn't work on yours, fix it. I'm too busy to deal with you." And in that case, there public beta testing is really "screwing the user".)

I am not sure the author of this thought it through. Consider the 2 cases - the GPL software, and Microsoft software.

GPL software liability would be born by the distributors, and not by the authors (as the article claims). Distributors of software merely need to be reasonably accurate as to the capabilities of their software. Authors of software have no real issues.

Microsoft has a lot of its retail sales go through OEM manufacturers. Those OEMs would bear a heavy liability. So you can predict that the OEMs would rapidly reconfigure Windows to turn off all the nasties like ActiveX, auto-execution of attachments, automatic installation of servers like IIS, macro executable capabilities in Office, etc. Essentially, they would make Windows secure by default.

But I think reasonable liability for software sellers is a good thing.

GPL software liability would be born by the distributors, and not by the authors (as the article claims). Distributors of software merely need to be reasonably accurate as to the capabilities of their software. Authors of software have no real issues.

Yep. IANAL, but liability attorneys aren't likely to sue Open Source authors because A) there was no money actually paid to them by customers, and B) Open Source authors aren't likely to have as much in the way of financial resources as the software publishers. When you sue in a liability case, you go for the deep pockets.

Yep. IANAL, but liability attorneys aren't likely to sue Open Source authors because A) there was no money actually paid to them by customers, and B) Open Source authors aren't likely to have as much in the way of financial resources as the software publishers. When you sue in a liability case, you go for the deep pockets.

How about corporations that contributed to thr free software codebase? They may just hav ethe deep pockets or insurance to cover a claim. In addiotn, with enough people writing code, *someone* may just have enough assets to cover a claim. I guess, in theory, someone could name everyone involved with the development of the code and then collect from homever has the assets. Even if you have no money, the threat of being sued may be enough to stifle development. As for companies, they'd have to think before getting involved with free software about the liability danger.

Well that just solves everything! Oh, wait, without distributors, how is OS software disseminated to the general public on the scale it needs to be in order to get any market share? Oh, that would be the distributors!

I'm going to now go out and make a distributing company! Yes, now not only do I have to peer review EVERY line of code that goes into what I distribute, but I have to accept liability for it if it screws up! Yeah, I'm sure VC would be totally into that.

GPL software liability would be born by the distributors, and not by the authors (as the article claims). Distributors of software merely need to be reasonably accurate as to the capabilities of their software. Authors of software have no real issues.

Simple. I go to my boss and say I want to do X, and package Y suits our needs. Boss runs the Software License by legal(which is standard practice in most companies) and legal tells us we can't use it because of the liability disclaimer.

Right now everybody has one of those disclaimers, but if the law changes... that makes the commercial software all the more attractive.

Simple. I go to my boss and say I want to do X, and package Y suits our needs. Boss runs the Software License by legal(which is standard practice in most companies) and legal tells us we can't use it because of the liability disclaimer.

There will always be a niche for business needs to be filled by software backed by businesses. This in no way indicates it will come without liability. Call up IBM and ask them for a service contract with liability. Or RedHat. Or any other service oriented UNIX company. GPL'd software can be gotten by distributors that will provide reasonable assurances of its function. The difference between it and proprietary software is that GPL'd software can also usually be obtained for free with no liability.

But I think reasonable liability for software sellers is a good thing.

IMHO, it would be best to have a gradient of solution, depending on the problem. For a simple example, a desktop user may use unwarranted software for a shopping list, but should requiere a warranted product for shopping on the net.

A warranted product would be a product that conforms to some fixed requirements. For example, the shopping software (or tool) should be open source, or audited, or the company selling/offering it should be liable in some cases.

Not all products should be in the same bag. My scheduling program is important, but not as important as my bank accounts (for example).

But with free software (especially with smaller projects), the authors generally are the ones distributing it.

Not really. There has to be a sale for there to be a contract of sale, and for there to be a lemon law. It is not like the authors sell you a CD with the software with more than a charge for copying it. When you download some free software from a web site, legally you are distributing it (since you are making the copy).

a disclaimer that states "This is beta software only and is not to be used for anything important. We guarentee that it will break, lose all your data, and possibly burn down your house and several near it. DO NOT USE THIS SOFTWARE"

People have been sued for stranger things, such as wrongful death because they shot someone breaking into their house, or they get sued because someone was injured while tresspassing on their property. Another example is people who willingly smoked cigarettes that even said on the pack that they will seriously harm their health, trying to sue the cigarette companies. There are a lot of examples of breakage in the legal system.

I am not a lawyer (thankfully), but I do know that if I pay for something, and it fails, I am entitled to compensation. If it fails from negligence or designed error, then there can be punitive damages. But let's examine the case of a Linux/BSD web server, running Apache, MySQL, and PostNuke.

To be safe, I download for free a non-commercial Linux such as Debian, or FreeBSD. I might be mistaken, but both are developed by groups of people, and anyone is allowed entry if they are competent enough coders. But a group is not a company. The whole corporation/private/public/IPO thing. I acquire, freely and legally, a copy of their work. They might have benefactors and patrons, but that isn't the same as employers.

So I download Apache, MySQL, and PostNuke. All fall under the same category. Maybe MySQL doesn't, then just replace MySQL/PostNuke with Perl/DBI.

So now a huge bug develops, a hole so large, it had to be coded in Redmond. I lose all my data, my competitors get my secrets, and I'm on unemployment line next to Enron execs. Who do I have to blame?

Let's see, someone or some people worked on a project that was supposed to do some particular task. They made it freely available, source and all, so that others might work on it as well. They made no claims about it's security, stability, etc. Others may have, but they did not misrepresent the software in any way.

I did not contribute, but I saw an opportunity to use their work. So I did. They received nothing from me, not money, not anything. And, the whole time, the company kept no secrets about the product, and in fact, by making the source available, does just the opposite.

There was no intent to decieve, nor any misrepresentation. By not purchasing the product nor any sort of service contract, I entered into no agreement with the group.

Going in, I understand the risks. I assume the responsibility if problems occur. This is 180 degrees different from microsoft, since they make plenty of claims, and since there is a legal agreement between a company and microsoft, and because they are marketing a product with known liabilities.

No, free/open source software doesn't stand to be shut down, rather it stands to gain tremendously. The problem is for companies like RedHat which sell and service open source software. So, form the commercial standpoint, it hurts linux companies who don't have billions to spend on lawyers, like er um, microsoft. But it doesn;t hurt open source software.

No, free/open source software doesn't stand to be shut down, rather it stands to gain tremendously. The problem is for companies like RedHat which sell and service open source software. So, form the commercial standpoint, it hurts linux companies who don't have billions to spend on lawyers, like er um, microsoft. But it doesn;t hurt open source software.

I don't even think that it will hurt Red Hat too badly. Normally (except in the case of injury or death), the vendor's liability for any product is limited to the purchase price. And Red Hat's business model is to make money off the consulting services, not particularly off the CD distributions. So they should be able to cover small claims on this front. And remember, even if a huge company installs it on 250 machines and sues, they probably only bought one copy, so the liability is still small.

Even better, the way lemon laws work gives the vendor an option: return the purchase price or fix the problem to a customer's satisfaction. If an Open Source vendor runs into a huge bug with hundreds or thousands of claims, they are also likely to have a small army of developers (which they don't have to pay) working on fixing it. And so, they can get the fix, and distribute the patch to settle the claims. Customers like that even more than getting their money back.

Fixing the software to the customer's satisfaction may imply a lot more than one might initially assume.

1) Is the fix made in a timely manner? If I base my business on a webstore that you wrote in your spare time, will you be able to get me a fix within 8 hours in the middle of your final exams?

2) Does the fix solve the customer's problem? What if it is a performance / scalability problem, you designed the app to handle 100 transactions per day and the user wants to do 10,000? It dosen't need to be a technical problem either - what if the software is just too complex to use?

Then, consider all of the overhead that the distributer needs in order to (a) test the problem to make sure that they can reproduce the bug - you don't want your developers to get thousands of bogus bug reports (b) find and communicate the problem to the developer (c) and communicate the status to the user.

I think that this is a larger issue than most slashdot readers realize.

Going in, I understand the risks. I assume the responsibility if problems occur.

[I know I'm going to burn through more karma for this!]

But couldn't the same be said for commercial software? I don't see the magical line between "I paid money for something [hard cash, commercial software]" and "I paid other people money [bandwidth, CDs, whatever] for something". One thing I've learned in my life is to never underestimate the law and lawyers; those that pay almost always come out on top. Open source developers do not have the money to fight such suits, and will gladly fold into oblivion if challenged (see recent Wine contributors, DeCSS, bnetd for case examples).

To create a law which provides for liability with software (i.e., Free Speech) seems very dangerous. Even if the intent is to punish those who are making incredible sums of money by shoveling out the most bug-ridden piles of garbage imaginable, it also impunes upon the hobbiest, the casual geek and the open source divoute (if, for nothing less than the threat of a lawsuit). Joe Programmer with his wiz-bang open-source program recieves a summons to a court 2,000 kilometers away is already out the time spent there and the plane tickets -- what is he more likely to do? Give up; which is just as awful as if he'd been found guilty of writing a program (Free Speech, again) that destroyed someone's data. Furthermore, he will serve as a warning to all other programmers (writers of Free Speech) that they should never, ever, under any circumstances release software that does anything.

For all the grief that this would cause Microsoft; it would be worse for us, if only because we don't have a team of lawyers on retainer.

If I build a tree house on my property that is unsafe and someone tresspasses and uses this tree house (which I haven't even said he could use) and gets hurt then I am potentially liable both crimally and civilly. It's called an attractive nuiscence.

I didn't charge anybody anything... I didn't even give permission for it to happen. Yet I am still at fault.

Just because I don't profit off of a transaction doesn't give me a right to put somebody at risk - financially or physically - unless perhaps I am completely forth right; and even then often not. And simply saying "Well, at your own risk," is not completely forth right, not even close.

The only different with purchasing the product is that the legal agreement is explicit. And in an explicit agreement risk can be accepted by the customer. But in the implicit agreement it is assumed that risk is accepted only if it obvious.Otherwise you're buying the right not to be put in a dangerous situation. Which u can't buy because u fundamentally own this as a citizen.

As for the suggestion that there can't be a law suit because there is no company - I think it is pretty clear in the american litigation system there are no lack of defendants.

The legislation would skyrocket production costs for Microsoft if the company were forced to release foolproof products.

Why would this happen? Car manufacturers used the same "skyrocket production costs" argument with the lemon law with cars. But it just doesn't mean that everything needs to be perfect. Instead it just ensures some basic quality control such as practiced in Japan [loyola.edu].

As for free software, it would just mean
that some of the legal entities that support a
packaged product (i.e., Red Hat) would be held to
the same standards. IANAL, but if the FSF says 'this isn't
a complete product' they can't be held liable any
more than a tire company could be for some idiot
putting the wrong tire on their car.

I like this analogy. However, is it fair to say that a software project like WinXP Pro (2+Billion lines of code, right?) or something as complex as an Enterprise Relational Database Engine is actually far more complex then a Car - especially when defining a "reasonable working condition". Either a car is running reasonably well, or it's not. Either it meets simple safty regulations, or it's not. With software, the functionality is not only far more complex, but the potential failures are also far more complex. Many times it takes a serious investigation just to determine which software package caused the problem (was it caused by Linux? Mod_Perl? Apache? MySql?), and even then we aren't always sure. "Best Guesses" may work for debugging and fixing a problem but it won't work in court.

Now, why would Japanese companies like Toyota
(which started basically in someones garage) be
able to take market share from companies like
Ford (who began mass production)? Because they
actually applied the quality control
principles. Ford, &c., were selling an inferior
product, which the "lemon laws" were meant to
protect consumers against.

The same is true for software. Maybe we'll
get some "lemon software" protection, but the
only thing that's really going to get compaies
like Microsoft to start making reliable software
is real competition.

While I don't favor turning the sharks loose on software companies, it is obvious there NEEDS to be some sort of liability and responsibility for bugs.

Some sort of "lemon law" that would REQUIRE the publisher to either correct bugs, and distribute patches for free, or else refund the purchase price IS needed.

What needs to stop is companies like MS being able to leave gaping holes in their products, then correct some of them, and releasing them as "upgrades", ala Windows 98 SE and ME... Those were not really "new" OS's, they were service releases that increased the stability of `98...

In all honesty, the commercial software publishers have brought this on themselves. Sure, MS distributes patches for free for the worst holes (ala, the ones that make Code Red, Nimda, and Klez work), but the fact is, they let their products LEAVE the house with those bugs in the first place.

I see bad consequences for free software out of this, created for it by the closed source companies. Perhaps there can be an exception written in for companies that release source, and in effect, have industry wide peer review of their code.

Eventually, if such a law isn't passed, sooner or later the sharks are going to class action sue and crack away ALL such limitations in the EULA's.

There is too much money and lost productivity happening right now due to software defects.

What we need is a defined list of responsibilities, passed into law, that can't be EULA'ed away.

Neither the federal government nor any state has ever had any sort of warranty/liability law that would affect gifts (transactions involving no payment or consideration), unless the defect was willful and intentional (ie trojans). There is no negligence protection for gifts. I highly doubt that any such software lemon law would break with this ancient precedent.

The GPL clause disclaiming only nondisclaimable warranties exists solely for severability purposes; the "unless prohibited by law" clause appears in almost every warranty disclaimer.

Don't hurry to modify me as a troll, but listen up. The whole point of this law is to cause software developers to pay more attention to the software they develop their software and especially QA it. If there is a Hospital or a goverment database running on software that fails, the developers SHOULD be prosecuted by LAW for this.

The only little detail the law is missing is that people should be expecting what they pay for. If you pay hundreds of thouthands of dollars for lots of software licenses that is ment to be run doing mission-critical operations, the developer should be held liable for his work, because he's getting quite a sum of money. This shall not applicate to Free Software, since it's duh, FREE. You don't go around asking for support for a 10-year old TV set you got for free from a friend.

Does anyone even know for sure what exactly does this law look like ? How many revisions is it supposed to go through ?

If there is a Hospital or a goverment database running on software that fails, the developers SHOULD be prosecuted by LAW for this.
But what about the hospital or government? Shouldn't they bear a good deal of the responsibility for either selecting solid software, or hiring someone to select such? In what manner is the liability to be limited? If I install RandomLittleUtilityX and it runs fine, and then install BigCorporateAndGenerallyTrustedProgramY and it breaks all over the place but runs fine on computers that don't have RLUX installed, is that RLUX's designer's fault, BCAGTPY's designer's/distributor's fault, or mine? If I write up a quick little utility to do something on my computer and it gets onto other computers through some P2P utility unintentionally and causes problems, should I have to pay for damages?

Even assuming that such a "lemon law" could be passed (which is, to my mind, a dubious proposition in and of itself), it wouldn't affect Free/Open Source Software (or even proprietary freeware) at all because there's no contract between the the author/distributor of the software and the user.

While IANAL, I did consult one about this once - when you give something away, you have no obligation to the recipient. Specifically, the recipient can't sue you if the product is defective in some manner.

If you read the GPL, which you link to, you will find that paragraph 5 states:

You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

I might be way off, but As far as I can tell, that clause allows me to ignore the GPL, as long as I don't want or need the permissions it gives me. And those are for distributing and modifying, not using. You got the right to use the software when it was given to you.

A contract is a legally binding agreement made for mutual consideration.

The GPL is a license given to redistribute a copyrighted work and derrivatives of it. It is unilateral permission given by an author to do that which a person normally cannot. There is no mutual consideration and no mutual obligation.

While IANAL, I did consult one about this once - when you give something away, you have no obligation to the recipient. Specifically, the recipient can't sue you if the product is defective in some manner.

IANAL either, but I did take a business law course taught by a lawyer. What you said is not quite true (at least not in NY state). When you give somebody something (not for any consideration), then you are not liable for negligence. However, you are liable for gross negligence. Gross negligence is defined as negligence which "shocks the conscience of the court".

My understanding is that it is very difficult to shock the conscience of the court, especially when you're giving something away for free. I suspect that as long as one doesn't knowingly include genuinely malicious code and keep quiet about it, that a software developer who gives away their code for free will be more than fine.

I suspect, though this is just a guess, that RedHat could probably take the position, as long as they made it clear to purchasers, that they are providing an installation and aggregation service, they are not actually selling the code that they didn't write. Thus they would be liable for bugs in the packaging or installation but not in the aggregated software. This would be reasonable, IMHO, and probably legally OK, too. Of course, that's just pure speculation on my part.

Actually, I can say that I am advertising exactly what the code is expected to do, in a unambigous language -- The source itself is more than simply a statement of what the software does. It is the software itself.I think, that in this case, under a properly written lemon law, the distributer will be liable only if the binary does not match the source, and therefore caused damage.

... their lightplane industry before inventing any new product liability laws.

It got so that anyone who flew whilst drunk and crashed a plane that he hadn't maintained for years could sue the manufacturer for many millions with a fair chance of winning. And even if the manufacturer won their legal costs would wipe out the profit on many aircraft. So basically the US lightplane industry closed down. (It has since started up again, as a shadow of its former self, following some law changes.)

OK, that didn't affect all that many people. Closing down the software industry would be a different game altogether.

Let's say I write some super-important thing using the ABC and XYZ toolkits. My program fails and bad stuff happens. Do the people suing me have to prove that it was my code, and not in ABC or XYZ, that failed? Do I have to prove that it was not my code? And finally, how the hell could you prove something like that, anyway? [Especially if it was not repeatable - what if it was the OS, or the hardware, or something else entirely?]

I really don't understand why this is called a lemon law, actually. A car that's a lemon doesn't work, or works for a while and then throws a rod or something. I don't quite see the analouge between that and software.

In fact, someone mentioned a web server dying at some important moment, and the users of that web server losing a lot of money (ebay or amazon or something). Does this qualify under a lemon law? If I have to get somewhere important, and my car doesn't start, can I actually sue the makers of the car?

...is that Microsoft spends a lot on marketing to tell you that their stuff will streamline your business, keep your toilet from clogging, and whiten your teeth while you sleep.

Meanwhile, their EULA practically says that you're better off playing Russian Roulette with five bullets and only one empty chamber, than to trust their software in a mission/enterprise-critical environment. We can't get access to their source code to check it for bugs ourselves, which would shift liability to us if we could do so, did, and then okayed it for use-- we just have to take them at their word, and hope that the server farm doesn't melt down and bankrupt our company.

Free software, on the other hand, is just 'out there'-- it's like finding a still-wrapped condom on the street. Sure, you can pick it up and use it, but if bad things happen, well, how is that anyone's fault but your own?

Liability-eliminating EULAs are an affront to any kind of truth-in-advertising regulations. A software company should definitely be able to be held financially liable for losses caused by failings in its products-- not to a degree that would instantly put them out of business, but a fair amount. Say, equal to their annual marketing/advertising budget?

Let's look at it with the car company analogy. Suppose Ford's commercials said that the airbags in their cars would save you and your family's lives? Okay, now suppose someone dear to you was killed in a head-on collision while driving a Ford. How would you feel if, when you tried to sue, Ford said, "But wait, your loved one agreed to the EULA by deploying the airbag... let me read you this paragraph from it that says, if the airbag does not work as we said it would, we aren't liable."

Remember what got the ball rolling with car manufacturer liability. Ford manufactured a car that roasted its occupants when hit from behind. Ford figured it would be cheaper to pay the victims than it would be to fix the car. When this surfaced, public outcry did the rest.

Most cases aren't as clear-cut. Continuing on the car industry example, can you hold a vendor liable if you're not wearing seatbelts, and suffer serious injury as a result? Probably not. Can you sue if you are injured in a parking accident by the airbag? Probably not. Now, why were you injured in the first place by said airbag? Because they are inflating with the power required to restrain a person not wearing seatbelts. Anything wrong with this picture? You bet. The consumer has a responsibility of his own, in this case: wearing the seat belt.

Liability is eventually determined by a judge and a jury, and in corner cases it's just a lottery, which is why car manufacturers err on the side of safety -- theirs, not the safety of the customers who are wearing seat belts.

The same thing is looming on the horizon when a software lemon law gets introduced. Vendors will still go to great lengths to skirt their responsibility, and even if that works to "improve" the product, chances are the consumer will be hurt in the end.

For a preview of things to come, look at Microsoft's security fix to Outlook. It is available, so like seat belts, common sense holds that if you don't apply it, you willfully accept the consequences. But unlike seat belts (which are at worst an inconvenience), applying this patch will cripple Outlook beyond being usable.

You can't win this one. Frankly, I'd settle for a law that demands truth in advertizing w.r.t software products.

Many of you are discussing this and saying it doesn't apply to OSS.
Technically, under thet respect, it doesn't apply to Microsoft either.
If you buy a uesd car, and in the next couple months have to put a lot of money into it to keep it running (i.e. a prime candidate for the 'lemon law'), you don't sure Ford/GM/whoever for making a crappy car that no longer works, you sue the person who sold it to you. In effect, you sue the distributor for charging you for a crappy product, not the publisher.
It should be the same with software. Microsoft ships software to retailers and OEMs, windows get sold to consumer, consumer is unhappy, consumer sues retailer/OEM. After this, the OEM will no longer buy windows from Microsoft, so the quality of the product and the strength of the corporation will be indirectly affected, but it shouldn't be directly. If 50 owners of windows sue Microsoft, many will lose as they don't have the resources to beat out a large corporation in a legal battle. If Dell or HP/Compaq stopped selling windows with its PCs because they got a very large bad review from those consumers who bought their PC, it will have a much larger impact on Microsoft and its lines of products.
In this case also, with OSS, the writers would not be the ones who can be sued, but the corporations (RedHat, Hummingbird, Ximian et. al)

Most open source software seems to be in the perpetual beta state anyway, but if a lemon-law were to pass, maybe the commercial vendors would move toward this as well. Never releasing a "finished" version, just alphas, pre betas, betas, preview editions, release candidates, etc, etc, etc.

If this were to happen, it might actaully help the public, forcing the commercial vendors into a system where they actaully have to admit that thier product is never finished. Maybe then the public would stop shelling out money every time the latest edition comes out, lining the pockets of Gates and company.

The analogy of the automotive lemon refers to a specific instance of a car that has faults. When ever single car of that type has a fault it is a design flaw, and can lead to a recall in the extreme cases. Of course in software, there are only global design flaws.

But software systems are complex, and they will always have bugs. And the industry is too powerful to permit a law that would not recognize this and regulate it the same way simpler products are regulated.

All of us who have written software know why we want to disclaim liability, and people who use it know why they accept those disclaimers. It's a hard problem to figure out if there is a middle ground that will satisfy both user and author.

Fitness of use for open-source software that is commercially sold is a perfectly reasonable proposition, and it is duplicitous and disingenuous of the "open source community" to oppose it.

If sensibly implemented, this would put the burden of responsibility on commercial distributors of open source software. If I download an open source product from some coder's website, there's no transaction, there's no contract, and no liability. However, if I pay $100 to RedHat to purchase the same software, that should be treated the same as if I paid Microsoft for the same, and they should bear the burden of responsibility.

I would even go so far as to say that such a law would be good for open source developers, if not the open source "community" which is full of many leeches. Many of the companies that sell open source software these days are playing the "something for nothing" model; they take open source software that someone else has written, put it in a box, and charge for it, without undertaking development themselves. (See, for example, the controversy over OpenOSX.com.)

This is, of course, a much better business model than conventional software development... they get all of the money for none of the work. These are the people who would be most hurt by product liability laws... and forcing people who profit from the open source community to be responsible for it as well doesn't seem like such a bad idea to me.

This simply is not something we ever have to worry about. I'm sure Microsoft owns enough congresspeople that they could get it laughed off the floor. And they have significant interest in doing so, because they are going to be the first company the sharks go after if something like this becomes law.

Why couldn't one limit the maximum liability
to, say, 10 times the license / distribution price? So a typical private MS customer might claim some thousand dollars while a company or school (with a single contract covering thousands of machines) could start multi-million dollar lawsuits. Obviously, the risk for authors of free software is then still zero. For linux distributors, the liability might be limited to the non-free software parts (like yast in SuSE) and to the editing process (identification of alpha/beta/production grade software). In any case, big money will only be at stake for companies which make big money.

Ultimately, however, the burden of proof will be where this law fails. Say Windows crashes. Who is at fault? What program were you using when it crashed? Was it Microsoft Certified? What hardware do you have in your system? One slightly faulty RAM chip can cause lots of crashes. Is that Microsoft's fault? Oftentimes Linux will be able to handle the fault better than Microsoft. Does that make Windows a Lemon? What about drivers, programs with Ring0 access? Giving a program access to the hardware is an inherent liability because it can cause a crash. Then you get into the interactions of various drivers..I've had cases with DriverA running HardwareA and DriverB running HardwareB. There was a crash, and removing HardwareB solved the problem, but so did simply upgrading DriverA. Who's at fault?

Windows, by itself, is actually quite stable. If these laws come about, what would end up happening is that Microsoft would always shove off the blame for a "lemon" on a third party, and they'd have the money and lawyers to do it.

I'm sorry, let me revise. The current versions of Windows. Windows 95 is no longer supported by Microsoft, and Windows 98 soon won't be (or is it already unsupported?). I can't speak for ME because I don't use it, but 2k has been rock solid for me. Uptimes of over 2 months, and damn near all reboots because I constantly tinker.I'm a big Linux advocate. I run an OpenBSD box. The primary reason I have a windows machine at all is because the support still isn't there for gaming and video editing. Yes, there are decent video editing tools for Linux. They're not as good as the Windows equivalents, or they're multimillion dollar software used to edit movies like the Matrix.I'm just not a zealot. I recognize where the problems lie, and I recognize when there's a use/market for a particular product. Windows has it's place, and it's current incarnations, it's quite stable. When Linux gets support from software makers, it will have a place on the desktop. Until then, it simply can't give the end users what they want.

Haven't you ever seen the phrase, "In no case shall [provider]'s liability be construed to extend further than the price paid for the product." If I buy RedHat from LinuxCentral.com for $10, I don't think I can reasonably expect to sue them for a million dollars. Can't they explicitly state that I can't?

I'm usually on the "left" of most arguments, but software is one area where the "market" should be allowed to make these decisions. If someone doesn't like a piece of software, go use something else! If anything, bad commercial software being allowed to exist only pushes FS/OSS software usage way up anyhow.:)

The only instance I'd be ok with this is in embedded systems for medical devices, etc, where if stuff doesn't work... people DIE. So in this case, the problems of intervention are definitely outweighed by the possible weight of what could happen if the gov't doesn't stand in. As it is, most embedded systems like this do have a good reputation (if they didn't, they'd cease to exist), but when actual lives are at stake, it's a different issue, so the added weight of punishment for negligence, etc, is acceptable.

The company for which I work develops custom software. IANAL, but one of the ways we limit liability is through collecting and documenting requirements for the software, and testing that those requirements were met. We also follow a strict software development process, which supports out ability to develop a quality product. By developing this documentation, we are able to pass liability off to our customers. I.e., They have agreed that our software meets their requirements and our tests are sufficient to prove that it does. Now, if we knew our software didn't meet the specification, that is different (usually called FRAUD).

I would think that something like this would work for the larger Open Source projects. If they could have the requirements of the project documented (i.e., what it is suppose to do) and have tests written to verify this, then they may have a out. The problem is M$ case is that they know of the problem, or their quality process is not sufficient, and do nothing about it.

This was one of the complaints that people had about UCITA. It made software distributed over the net more liable while traditional software companies were not held liable because the shrink wrap license nullified all responsability.

I think any liability laws would unfairly punish smaller companies.

Some people are in favour of Lemon Laws specifically because they dislike Microsoft and think that Microsoft software is insecure. This is stupid and shortsighted.

Create laws that arm consumers with security information. Perhaps a grading scheme where software that doesn't connect to the internet is given a A rating. If it is a client then it gets a B rating. If it is a server it starts at C then for every three exploits within the last year the rating increments by one.

After you have informed the consumer you can let the market decide. If they still use software with a G rating then that's their own problem.

Create laws that arm consumers with security information. Perhaps a grading scheme where software that doesn't connect to the internet is given a A rating. If it is a client then it gets a B rating. If it is a server it starts at C then for every three exploits within the last year the rating increments by one.

I think this sounds pretty nice, but it has problems. For instance, clients are not necessarily more secure than servers, a well-written anonymous ftp server could theoretically be infinitely more secure than a poorly-written web browser which downloads and executes code without express permission.

Also, most linux distributions would minimally start at a "C" rating under this scheme, while windows 98 would begin at "B" (without enabling "file/printer sharing"). Which do you consider to be more secure on the average? Do the ratings reflect that?

These problems are indicative of a greater flaw in this scheme, software doesn't have to rigidly conform to _any_ model, be it client/server, P2P, etc. Laws take a long time to be changed, software can be changed in weeks (witness Microsoft's court history.. pretty soon they might be stopped from producing Windows 95;) - if we draft laws or even form committees which define certain software paradigms as insecure, software will simply change paradigms to achieve a higher rating until the ratings-board is able to change criteria to match.

Alternatively, we could have panels of elected security-analysts pore-over every piece of software that is voluntarily-submitted for a rating (in source form), at a cost to the software producer (based on some criterion I don't know), and they could arbitrarily grant ratings based on their findings.

I don't know that this is the best solution, but it sounds more practical, it's similar to other analogous (movie ratings, supreme court, etc.) systems for ideal-compliance which are already in place and doing a reasonable (not perfect) job.

Many people claim these laws would force MS to fix their bugs/security holes...but don't they already? The problem I see is that no one patches. Look at Code Red. The patches for it were out a long time before it hit. If everyone patched it would have been a big non-event.

I say companies should fire incompetent people that don't maintain systems. That last thing we want is regulation in the software industry.

If the software behaves as promised, no liability laws can affect you. Therefore, it only makes sense to specifically promise that the behavior of the program is documented by the accompanying source code. Since source code is the ULTIMATE documentation, there can be no false representation. For free software, this is not an issue because it's distributed with the code.

Ask Microsoft to ship full source code with their products for a full disclosure of what it actually does. Since they're not willing, you have to take their word for it, which is hardly comforting.

Such a law would be good in the context of a reformed liability law. Right now if someone is.001% liable they can still pay 100% of the damages. This applies if they didn't know or intend the outcome.

Open Source software can be much like a public park. There should be an exemption for free, public *anything* that doesn't involve criminal negligence. If you don't pay admission, it would be up to you to make sure you don't do anything stupid on the play equipment.

At that point, Red Hat, SUSE, etc. can assume as much or as little liability as they want as they add a paid layer on top of the commons.

Further, Source is stuck somewhere being a device (like a toaster) or a book. If you don't like the ending of a book, or how the cake turns out, the book is in no way defective. If you can't follow instructions, or even if you simply won't, or the instructions are wrong or dangerous, you normally can't sue the author. You can sue if the toaster is defective and is actually an ignition source when used as directed.

An EULA in the usual form Microsoft uses basically declares it to be a device. If I can't read it or analyze it or quote it, but only use it, it is a device and not a book. Also it says you don't even own it (even the single copy as under copyright).

GPL on the other hand says lets discuss, improve, analyze the work, and by the way, you can run it and maybe use it to do something useful (like a recipe in a cookbook). It might be used as a device, but it is still a "book". And I think you could tweak the GPL if necessary to make it legally fall into the same liability category as a book.

Between tort reform, and resolving the device / artistic work dichotomy, I think GPLed software would thrive.

But we do not have wise leaders, and Microsoft sends more money to prevent clear thought on the part of our legislators.

It doesn't include "It's free, use it on your own risk, it's not final version"

In general it excludes licenses like commercial, GPL, FreeBSD, etc. as they are now, but it can't exclude open wide beta testing, prerelease promotion. So, with adding to GPL restrictions clause like that, that would define software as such, would be possible to avoid lemon law restrictions.

Software in development never matures to it's final stage. Yes, I know people like 1.0, 2.0 etc. But where is the final stage? Simply defining always "Development in progress, but this is what it's done so far", would avoid that kind of law. On the other hand people have no signed contract or receipt to show that as evidence at the court.

I know that in case such law would be passed, I would just make a clause on my web page. "ENTER" if you.... "LEAVE" if you.... Works for XXX pages.

Putting on web page something likethat is easy. Here is an example"Enter if you're interested in this software, but by entering you agree that this software hasn't matured to it's final stage (at least out of legal points, which don't allow free software to be passed on in different way, then being treated as work in progress), you also agree that software has provided you with license which defines how this software should be treated regarding distribution, usage etc. just the same as this software would reach it's final stage. Considering legal points passed by "lemon law", this clause and describing maturity state of this software, it's unfortunate necessity for this software being able to be passed on freely."

Of course, I'm from Europe and I'm not concerned with stupidity like that.:-)

IANAL, so I'm not going to comment on whether what this article claims is going to happen or not, but at least one free software project has closed down because of concerns about liability: Broadcast 2000. The page describing the situation is here. [heroinewarrior.com]

Now I don't know if his fears are well founded or not, but I'm sure he had some reason for taking the action of yanking the previously available source. Perhaps an anti-lemon law with an explicit "software made available for no cost is exempted" would be better, although even then I'm not so sure it's a good idea. Should Red Hat be held responsible if one of the beta products in the distribution is buggy (say, the situation with Mozilla a year ago)? Besides, what level of bugginess is okay? Is 99% uptime sufficient? 99.999%? 100%, every crash results in a lawsuit? I just don't know about this...

First, warranties only are meaningful in the context of a commercial transaction. There's no reason to expect a warranty on a free good.
So this is not a problem for free software.

Second, warranties aren't that expensive to manufacturers. Under 5% of the cost of a car is in the warranty. More to the point, in the gambling industry, where full financial responsibilty for errors and downtime is the norm, GTech, which runs lottery systems, pays out about 0.3% of revenue in penalties.

Compensatory damages and blame management are real issues. But this comes up in other areas, and the suppliers work it out between themselves, as in the Ford vs. Firestone tire failure issue. In computing, we should expect full warranties on the OS from manufacturers who preload an OS. Let Dell and Microsoft argue between themselves who's responsible.

Finally, manufacturers who don't offer a full warranty should have to put a giant "AS-IS" on the box, like those signs that appear on used cars.

Something that really bugs me is the comment that this lemon law could kill "OpenSource and Free Software" alltogether. In the case you guys from the US haven't noticed: There are other countries with other laws.

Of course here in Germany a vendor or producer is liable for what he sells, too. But this liability has limitations! In Germany you CANNOT sue McDonald's because you failed to notice that coffee may be hot and McDonald's hasn't provided you with that information! You CANNOT sue a toy company for selling Superman capes without providing a warning that those capes won't give you the ability to fly! And even if you can sue a company for liability (i.e. because they failed to give notice about poisons or side-effects in their products), you won't be rich!

German jurisdiction mostly follows the customs and the common sense. That means: if you pay 1000 Euro for product A it is NOT regarded in the same way as product B which you got for free.

Besides: do you really think that OpenSource and Free Software are dead the same moment the US leaves the building?

The author makes a very poor argument. Consumers have a reasonable expectation of performance from (e.g.) MS Windows because they pay for it. You can't make the same argument for software that you get for free.

This bill cannot kill open source *development*. It may, however, make the selling of open source software much more difficult. If this bill passes, companies like RedHat would now be liable for bugs in Linux. Of course, RedHat can (and does) take a snapshot of Linux and make lots of modifications and tweaks before making a release, but there's no way they're going to catch all of the bugs. They're best bet would be to get heavily involved in the system of releases of open source software. This will be very tricky, though, as developers will not be happy to see a company have such control...

Yes but all Free software would have to be public domain; no GPL, which relies on copyright, as you can't have an anonymous copyright holder.

In fact I don't see how you can clearly submit a work to be in the public domain unless you identify yourself as it's author. Remember, all works are automatically protected under copyright upon creation, whether you add the magical Copyright (c) sydb 2002 or not.

I think they have too. But really software comes in two forms, source code and compiled code.Source code is like the plans for a car. Are plans copyrightable? Patentable?Compiled code is like the car itself. Same question as above.

I wouldn't be surprised that if a company can demonstrate to a court that it has a rigourous QA program in place then liability might be reduced

To prove liability there has to be neglect. If cars are produced in a plant where all the safety standards are met, then if something happens to the car, it is considered an act of God.

There would need to be an industry-standard QA process in order to prove that a particular company was neglectful and therefore responsible for damages caused by product failure. If a company followed the standard process, then no hard could be done if a bug made it into the released version.

That's funny. Market forces are the reason so much mass-market software is crap now. Customers preferred more features, mostly idiotic bells and whistles, and the illusion of tech support, to product quality.

OK, now that there's a monopoly situation, it's not just the market in the driver's seat anymore, at least on the desktop. But it was still a relatively free market when consumers had the choice between feature-laden dreck and more tightly-focused products with better quality. So now they change their minds and want quality? The market allocates resources according to buyer's preferences, and generally does that efficiently. That doesn't mean that buyers always choose the technically best product.

Anyway, the real driving force in this initiative is the lawyers trying to get their mouthparts into a nice big pool of cash. And if they happen to destroy another industry in the process, well, it won't be the first time.

And there's not even the consolation that more regulation will hurt Microsoft. Higher barriers to entry tend to protect monpolies, not break them up. It's the little guys and the innovators who will be screwed. They don't have the deep pockets to pay the lobbyists to subvert the regulations. And if GPL'd software happens to become a victim of collateral damage, Congress and the legal profession won't give a shit, because there's no money in it for them anyway.

So it's not about us needing more laws, it's about which laws will most benefit the greed and lust for power of those who actually run this country. Parasites don't care about their host's freedom, only about how much blood they can extract. The underlying problem is that they're making the decisions in the first place, not us. Nothing will change until that changes.

shiny new SUV if the manufacturer also released the blueprints?Well, I'd figure those blueprints were there for a reason. So that if there was any problem, I would be in as good a position as posible to fix it myself. I doubt that the blueprints would eliminate manufacturer liability, but seems like they would go a long way in that direction.

I think publishing the source should allow the disclaimers to be in force. MS does publish the source to some customers, and GNU to everybody. With the source you can (in principle) verify the functionality and absence of backdoors, and you can (in real life) fix problems yourself instead of having to wait for a Service Pack or other official upgrade.

This is pretty much the key. All that is needed to get OSS off the hook is the line in the documentation "This product does exactly the source code says it does. All other documentation is purely opinion."

I've often felt that the insurace model would be a good model for selling free software. You sell an open source product, with a guarentee that it is suitable for running a company with annual profits of a determined amount. You pay 100% of costs to anyone whose business makes a huge loss because of your software. You can sell the software at a cost such that Maximum possible payout * probability of failure cost of software to user.

If a company has a larger annual profits, you sell exactly the same solution at a proportionally higher price. This means that the seller can be trusted, because it is in their interests to produce a piece of software that is as reliable as possible, and the buyer buys piece of mind. It also provides an answer to "Who do you sue if open source software goes wrong".